Get started: Send data over the NetFoundry network
This guide walks you through a very common use case: securely tunneling traffic to another machine. You'll go through the end-to-end process of setting up a secure network tunnel and verifying that your traffic reaches the remote machine through that tunnel.
The goal
The primary goal of this exercise is to build a full zero-trust network that can pass traffic over the NetFoundry overlay and prove that the traffic has passed.
The proof
We use an external IP checking service (https://eth0.me/) as the service target.
- When the service is disabled, the user sees their local IP address.
- When the service is enabled (and data flows over the network), the resulting IP address should reflect the public IP address of the remote router hosting the service. This proves the data exited the network from that remote location.
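The check described above can be scripted. The following is an added example, not part of the NetFoundry guide: it classifies the address returned by eth0.me against a baseline taken with the service disabled and against the remote router's public IP. The function names and the `--live` flag are hypothetical, and it assumes eth0.me answers with a bare IPv4 address.

```shell
#!/bin/sh
# Added example (not from the NetFoundry guide). Function names and the
# --live flag are hypothetical; assumes eth0.me returns a bare IPv4 address.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; input holds only digits and dots
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# classify_egress BASELINE OBSERVED ROUTER
#   BASELINE  address eth0.me returned with the service disabled
#   OBSERVED  address eth0.me returned with the service enabled
#   ROUTER    public IP of the remote router hosting the service
classify_egress() {
  baseline=$1; observed=$2; router=$3
  for ip in "$baseline" "$observed" "$router"; do
    is_ipv4 "$ip" || { echo invalid; return 2; }
  done
  # Same public address on both paths (e.g. router behind your own NAT):
  # the IP check cannot tell the tunnel from a direct connection.
  [ "$baseline" != "$router" ] || { echo inconclusive; return 3; }
  if [ "$observed" = "$router" ]; then echo tunneled; return 0; fi
  if [ "$observed" = "$baseline" ]; then echo direct; return 1; fi
  echo unexpected; return 4
}

# Live use (needs network): sh egress_check.sh --live BASELINE_IP ROUTER_IP
if [ "${1:-}" = "--live" ]; then
  observed_ip=$(curl -4 -fsS --max-time 10 https://eth0.me/ | tr -d '[:space:]')
  classify_egress "${2:-}" "$observed_ip" "${3:-}"
fi
```

A result of `unexpected` means the traffic left through some third address, such as a VPN or proxy on the local machine, so the proof neither passed nor failed cleanly.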
Action inventory
To achieve this proof, you'll complete these tasks:
- Install a router on a machine in a different network.
- Install a tunneler on your local machine.
- Create an identity for your local computer and enroll the identity.
- Connect to a remote service (eth0.me) and verify that the IP address returned over the tunnel differs from your local computer's IP address.
Prerequisites
To complete the verification step (where the IP address changes), you need:
- NetFoundry console access: You need access to the console to manage the network.
- NetFoundry tunneler: Install the tunneler app for your OS locally to enroll the client identity.
- Router hosting: To be successful, you need to install a router on a machine in a network other than your own.
  - Router deployment for this guide: For this specific guide, we'll deploy the NetFoundry router software inside a Docker container on a remote host (e.g., an AWS VM). This method is quick and easy to set up.
  - Alternative deployment options: For other deployment options (including native installs for Linux/Windows or cloud marketplace AMIs for AWS, Azure, GCP), refer to the Ziti Routers section on the NetFoundry downloads page.
  - NetFoundry hosting limitation: NetFoundry-hosted routers are generally prevented from egressing data to external services (like the IP checker), meaning you must use a customer-hosted router.